Package utils
This package is not in the latest version of its module.
Documentation
Index
- Constants
- func Annotations(labels []string) (bundle string, userAnnotations map[string]string)
- func CleanPath(path string) string
- func CloseExecFrom(minFd int) error
- func EnsureProcHandle(fh *os.File) error
- func ExitStatus(status unix.WaitStatus) int
- func IsLexicallyInRoot(root, path string) bool
- func MkdirAllInRoot(root, unsafePath string, mode os.FileMode) error
- func MkdirAllInRootOpen(root, unsafePath string, mode os.FileMode) (_ *os.File, Err error)
- func NewSockPair(name string) (parent, child *os.File, err error)
- func Openat(dir *os.File, path string, flags int, mode uint32) (*os.File, error)
- func RecvFile(socket *os.File) (_ *os.File, Err error)
- func SearchLabels(labels []string, key string) (string, bool)
- func SendFile(socket *os.File, file *os.File) error
- func SendRawFd(socket *os.File, msg string, fd uintptr) error
- func UnsafeCloseFrom(minFd int) error
- func WithProcfd(root, unsafePath string, fn func(procfd string) error) error
- func WriteJSON(w io.Writer, v interface{}) error
- type ProcThreadSelfCloser
Constants
const MaxNameLen = 4096
MaxNameLen is the maximum length of the name of a file descriptor being sent using SendFile. The name of the file handle returned by RecvFile will never be larger than this value.
Variables
This section is empty.
Functions
func Annotations (added in v1.0.0)
Annotations returns the bundle path and user-defined annotations from the libcontainer state. We need to remove the bundle because that is a label added by libcontainer.
func CleanPath (added in v0.0.8)
CleanPath makes a path safe for use with filepath.Join. This is done by not only cleaning the path, but also (if the path is relative) adding a leading '/' and cleaning it (then removing the leading '/'). This ensures that a path resulting from prepending another path will always lexically resolve to a subdirectory of the prefixed path. This is all done lexically, so paths that include symlinks won't be safe as a result of using CleanPath.
func CloseExecFrom
CloseExecFrom sets the O_CLOEXEC flag on all file descriptors greater than or equal to minFd in the current process.
func EnsureProcHandle (added in v1.0.0)
EnsureProcHandle returns whether or not the given file handle is on procfs.
func ExitStatus
func ExitStatus(status unix.WaitStatus) int
ExitStatus returns the correct exit status for a process based on whether it was signaled or exited cleanly.
func IsLexicallyInRoot (added in v1.1.14)
IsLexicallyInRoot is shorthand for strings.HasPrefix(path+"/", root+"/"), but properly handling the case where path or root is "/".
NOTE: The return value only makes sense if the path doesn't contain "..".
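The two lexical helpers above are easy to get subtly wrong, so the following added, self-contained Go example (illustrative code, not runc's own) reimplements the behaviour described for CleanPath and IsLexicallyInRoot and combines them into a scoped join. The names cleanPath, isLexicallyInRoot and joinInRoot and the sample root and paths are this example's own, not identifiers from the package.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// cleanPath reimplements the CleanPath rule described above (illustrative, not
// runc's code): clean the path, and if it is relative, clean it again as if it
// were rooted at "/" so that leading ".." components are dropped rather than
// kept. The result can be joined under a prefix without escaping it lexically.
func cleanPath(path string) string {
	path = filepath.Clean(path)
	if !filepath.IsAbs(path) {
		// Clean("/"+p) can never climb above "/", so ".." prefixes vanish;
		// then strip the "/" that was added.
		path = filepath.Clean("/" + path)[1:]
	}
	return filepath.Clean(path)
}

// isLexicallyInRoot is strings.HasPrefix(path+"/", root+"/") with a root of
// "/" handled explicitly; both arguments are expected to be already cleaned.
func isLexicallyInRoot(root, path string) bool {
	if root == "/" {
		return strings.HasPrefix(path, "/")
	}
	return strings.HasPrefix(path+"/", root+"/")
}

// joinInRoot combines the two: scope the untrusted path, join it under root,
// then confirm the result lexically. This is a lexical check only; symlinks
// inside root are not resolved here.
func joinInRoot(root, unsafePath string) (string, error) {
	full := filepath.Join(root, cleanPath(unsafePath))
	if !isLexicallyInRoot(filepath.Clean(root), full) {
		return "", fmt.Errorf("%q escapes root %q", unsafePath, root)
	}
	return full, nil
}

func main() {
	const root = "/var/lib/ctr/rootfs" // constructed sample root
	for _, p := range []string{"etc/hostname", "../../../../etc/hostname", "/../etc/hostname", "a/../../b/./c", "foo//bar/"} {
		joined, err := joinInRoot(root, p)
		fmt.Printf("%-28q -> clean=%-14q join=%q err=%v\n", p, cleanPath(p), joined, err)
	}
	// The caveat from the doc: a path that still contains ".." passes the
	// prefix test even though it points outside root, so clean first.
	fmt.Println("lexical check with unclean path:", isLexicallyInRoot("/a", "/a/../etc"))
}
```

The last line of main is the point of the NOTE above: the prefix test is purely textual, so it must only ever be applied to a path that has already been through cleanPath (or a full resolver such as SecureJoin).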
func MkdirAllInRoot (added in v1.1.14)
MkdirAllInRoot is a wrapper around MkdirAllInRootOpen which closes the returned handle, for callers that don't need to use it.
func MkdirAllInRootOpen (added in v1.1.14)
MkdirAllInRootOpen attempts to make

    path, _ := securejoin.SecureJoin(root, unsafePath)
    os.MkdirAll(path, mode)
    os.Open(path)

safer against attacks where components in the path are changed between SecureJoin returning and MkdirAll (or Open) being called. In particular, we try to detect any symlink components in the path while we are doing the MkdirAll.
NOTE: If unsafePath is a subpath of root, we assume that you have already called SecureJoin and so we use the provided path verbatim without resolving any symlinks (this is done in a way that avoids symlink-exchange races). This means that the path also must not contain ".." elements, otherwise an error will occur.
This uses securejoin.MkdirAllHandle under the hood, but it has special handling if unsafePath has already been scoped within the rootfs (this is needed for a lot of runc callers and fixing this would require reworking a lot of path logic).
func NewSockPair (added in v1.0.0)
NewSockPair returns a new SOCK_STREAM unix socket pair.
func RecvFile (added in v1.2.0)
RecvFile waits for a file descriptor to be sent over the given AF_UNIX socket. The file name of the remote file descriptor will be recreated locally (it is sent as non-auxiliary data in the same payload).
func SearchLabels (added in v0.1.0)
SearchLabels searches through a list of key=value pairs for a given key, returning its value, and a boolean flag telling whether the key exists.
func SendFile (added in v1.2.0)
SendFile sends a file over the given AF_UNIX socket. file.Name() is also included so that if the other end uses RecvFile, the file will have the same name information.
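As an added example that is not part of the original package, the following Go program implements the SendFile/RecvFile exchange described above using only the standard library: the file name travels as the ordinary payload of the message and the descriptor rides in its SCM_RIGHTS control data, exactly the split the doc describes. The names newSockPair, sendFile, recvFile and maxNameLen are the example's own, the payload file is constructed in main, and Linux is assumed (SOCK_CLOEXEC, MSG_CMSG_CLOEXEC).

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// maxNameLen mirrors MaxNameLen: the file name is sent as the ordinary payload
// of the same message that carries the descriptor in its SCM_RIGHTS control data.
const maxNameLen = 4096

// newSockPair returns a connected SOCK_STREAM AF_UNIX pair. SOCK_CLOEXEC keeps
// both ends from leaking into child processes.
func newSockPair(name string) (parent, child *os.File, err error) {
	fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM|syscall.SOCK_CLOEXEC, 0)
	if err != nil {
		return nil, nil, err
	}
	return os.NewFile(uintptr(fds[0]), name+"-p"), os.NewFile(uintptr(fds[1]), name+"-c"), nil
}

// sendFile passes file over socket along with file.Name(), so the receiver can
// rebuild an *os.File carrying the same name.
func sendFile(socket, file *os.File) error {
	name := file.Name()
	if name == "" || len(name) > maxNameLen {
		return fmt.Errorf("sendFile: name length %d out of range (1..%d)", len(name), maxNameLen)
	}
	oob := syscall.UnixRights(int(file.Fd()))
	return syscall.Sendmsg(int(socket.Fd()), []byte(name), oob, nil, 0)
}

// recvFile receives exactly one descriptor. MSG_CMSG_CLOEXEC makes the kernel
// install it with FD_CLOEXEC atomically; if the peer sent a different number
// of descriptors (or the control data was truncated), every received one is
// closed so nothing leaks.
func recvFile(socket *os.File) (*os.File, error) {
	buf := make([]byte, maxNameLen)
	oob := make([]byte, syscall.CmsgSpace(4)) // space for a single int fd
	n, oobn, recvflags, _, err := syscall.Recvmsg(int(socket.Fd()), buf, oob, syscall.MSG_CMSG_CLOEXEC)
	if err != nil {
		return nil, err
	}
	msgs, err := syscall.ParseSocketControlMessage(oob[:oobn])
	if err != nil {
		return nil, err
	}
	var fds []int
	for i := range msgs {
		if got, err := syscall.ParseUnixRights(&msgs[i]); err == nil {
			fds = append(fds, got...)
		}
	}
	truncated := recvflags&syscall.MSG_CTRUNC != 0
	if len(fds) != 1 || truncated || n == 0 {
		for _, fd := range fds {
			syscall.Close(fd)
		}
		return nil, fmt.Errorf("recvFile: expected one fd with a name, got %d fds, %d name bytes (truncated=%v)",
			len(fds), n, truncated)
	}
	return os.NewFile(uintptr(fds[0]), string(buf[:n])), nil
}

func main() {
	parent, child, err := newSockPair("demo")
	if err != nil {
		panic(err)
	}
	defer parent.Close()
	defer child.Close()
	tmp, err := os.CreateTemp("", "payload-*") // constructed sample file
	if err != nil {
		panic(err)
	}
	defer os.Remove(tmp.Name())
	defer tmp.Close()
	if _, err := tmp.WriteString("hello over SCM_RIGHTS\n"); err != nil {
		panic(err)
	}
	if err := sendFile(child, tmp); err != nil {
		panic(err)
	}
	got, err := recvFile(parent)
	if err != nil {
		panic(err)
	}
	defer got.Close()
	data := make([]byte, 64)
	k, _ := got.ReadAt(data, 0) // shared open file description, so read by explicit offset
	fmt.Printf("received %q as fd %d: %q\n", got.Name(), got.Fd(), data[:k])
}
```

Because the pair is SOCK_STREAM, the receiver assumes one message is in flight at a time; a protocol that queues several sends back to back would need explicit framing of the name bytes.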
func SendRawFd (added in v1.2.0)
SendRawFd sends a specific file descriptor over the given AF_UNIX socket.
func UnsafeCloseFrom (added in v1.1.12)
UnsafeCloseFrom closes all file descriptors greater than or equal to minFd in the current process, except for those critical to Go's runtime (such as the netpoll management descriptors).
NOTE: This function is incredibly dangerous to use in most Go code, as closing file descriptors from underneath *os.File handles can lead to very bad behaviour (the closed file descriptor can be re-used and then any *os.File operations would apply to the wrong file). This function is only intended to be called from the last stage of runc init.
func WithProcfd (added in v1.0.0)
WithProcfd runs the passed closure with a procfd path (/proc/self/fd/...) corresponding to the unsafePath resolved within the root. Before passing the fd, this path is verified to have been inside the root -- so operating on it through the passed fdpath should be safe. Do not access this path through the original path strings, and do not attempt to use the pathname outside of the passed closure (the file handle will be freed once the closure returns).
func WriteJSON (added in v0.0.7)
WriteJSON writes the provided struct v to w using standard json marshaling without a trailing newline. This is used instead of json.Encoder because there might be a problem in json decoder in some cases, see: https://github.com/docker/docker/issues/14203#issuecomment-174177790
Types
type ProcThreadSelfCloser (added in v1.2.0)
type ProcThreadSelfCloser func()
func ProcThreadSelf (added in v1.2.0)
func ProcThreadSelf(subpath string) (string, ProcThreadSelfCloser)
ProcThreadSelf returns a string that is equivalent to /proc/thread-self/<subpath>, with a graceful fallback on older kernels where /proc/thread-self doesn't exist. This method DOES NOT use SecureJoin, meaning that the passed string needs to be trusted. The caller _must_ call the returned procThreadSelfCloser function (which is runtime.UnlockOSThread) *only once* after it has finished using the returned path string.
func ProcThreadSelfFd (added in v1.2.0)
func ProcThreadSelfFd(fd uintptr) (string, ProcThreadSelfCloser)
ProcThreadSelfFd is a small wrapper around ProcThreadSelf to make it easier to create a /proc/thread-self handle for a given file descriptor.
It is basically equivalent to ProcThreadSelf(fmt.Sprintf("fd/%d", fd)), but without using fmt.Sprintf to avoid unneeded overhead.
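The following added Go example (not runc's own code) shows the pattern that WithProcfd and ProcThreadSelf describe working together: pin the goroutine to its OS thread, build a /proc/thread-self/fd/N path (falling back to /proc/self/task/<tid>/fd/N on kernels without /proc/thread-self), ask the kernel via Readlink where that handle really points, and only then hand the /proc path to the closure. The names withProcfd, procThreadSelf, insideRoot, oPath and errEscapesRoot are this example's own; lexical scoping with filepath.Clean stands in for SecureJoin; the O_PATH constant is spelled out because package syscall does not export it; the sample rootfs is constructed in main. Linux is assumed throughout.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"runtime"
	"strings"
	"sync"
	"syscall"
)

// oPath is Linux's O_PATH (assumption: package syscall does not export it).
// It opens a handle usable for /proc/.../fd lookups without read or write
// access and without the side effects of opening FIFOs or device nodes.
const oPath = 0x200000

var errEscapesRoot = errors.New("path escapes root")

// procThreadSelf returns /proc/thread-self/<subpath>, or the equivalent
// /proc/self/task/<tid>/<subpath> on kernels without /proc/thread-self. The
// goroutine is pinned to its OS thread until the closer runs, since the path
// is only valid for the thread that built it. sync.Once makes the closer safe
// against being called twice.
func procThreadSelf(subpath string) (string, func()) {
	runtime.LockOSThread()
	base := "/proc/thread-self"
	if _, err := os.Lstat(base); err != nil {
		base = fmt.Sprintf("/proc/self/task/%d", syscall.Gettid())
	}
	var once sync.Once
	return base + "/" + subpath, func() { once.Do(runtime.UnlockOSThread) }
}

// insideRoot is the lexical prefix test, applied here to an already resolved path.
func insideRoot(root, path string) bool {
	if root == "/" {
		return strings.HasPrefix(path, "/")
	}
	return strings.HasPrefix(path+"/", root+"/")
}

// withProcfd scopes unsafePath under root, opens it with O_PATH, and then asks
// the kernel (via the magic link under /proc) where that handle really points.
// fn only runs if the answer is inside root, and it receives the /proc path
// rather than the original string, so a symlink swapped in after the check
// cannot redirect the operation to a different file.
func withProcfd(root, unsafePath string, fn func(procfd string) error) error {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return err
	}
	// Lexical scoping stands in for SecureJoin here: ".." cannot climb above root.
	full := filepath.Join(realRoot, filepath.Clean("/"+unsafePath))
	fh, err := os.OpenFile(full, oPath|syscall.O_CLOEXEC, 0)
	if err != nil {
		return err
	}
	defer fh.Close()

	procfd, closer := procThreadSelf(fmt.Sprintf("fd/%d", fh.Fd()))
	defer closer()

	target, err := os.Readlink(procfd)
	if err != nil {
		return err
	}
	if !insideRoot(realRoot, target) {
		return fmt.Errorf("%w: %q resolved to %q, outside %q", errEscapesRoot, unsafePath, target, realRoot)
	}
	return fn(procfd)
}

func main() {
	root, err := os.MkdirTemp("", "rootfs-") // constructed sample rootfs
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	_ = os.MkdirAll(filepath.Join(root, "etc"), 0o755)
	_ = os.WriteFile(filepath.Join(root, "etc/hostname"), []byte("ctr\n"), 0o644)
	_ = os.Symlink("/etc", filepath.Join(root, "escape")) // a link inside the rootfs that points outside it
	for _, p := range []string{"../../etc/hostname", "escape"} {
		err := withProcfd(root, p, func(procfd string) error {
			b, err := os.ReadFile(procfd)
			fmt.Printf("%-20s -> %s: %q\n", p, procfd, b)
			return err
		})
		if err != nil {
			fmt.Printf("%-20s -> rejected: %v\n", p, err)
		}
	}
}
```

The closure must use procfd in the same goroutine that received it: the thread lock is what makes /proc/thread-self refer to the thread holding the handle, and the handle is closed as soon as withProcfd returns, exactly as the WithProcfd doc demands.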